Network connected computer devices are everywhere, especially with the explosion in use of wireless devices. They generate, communicate, monitor, and analyze vast amounts of data. Data is arguably the most important asset of businesses and is also value by individuals.
The number and level of sophistication of security attacks is growing. Cyber attacks, corporate espionage and insider threats occur are common ways in which data leaves a business's data infrastructure. Data is especially vulnerable to attack when files are either stored or transferred. Furthermore, human error has been shown to be a leading cause of data leakage.
It is estimated that the global cost of cyber attacks in 2010 alone was 1 trillion USD. The cost of cyber crime to Canadians alone in 2010 is estimated to have been 5.5 billion CAD. Furthermore some studies have estimated that in 2010 twenty percent (20%) of Canadian internet users suffered a cyber attack of some type.
In addition cyber attacks can cause substantial harm to the reputation of organizations.
Furthermore, it is well known that adoption of cloud services for accessing information and accessing applications can provide important improvements in functionality, accessibility and can reduce costs to business. However, security is a key reason why businesses are relatively slow to adopt cloud services.
A skilled reader will understand that presently, various security solutions exist for securing data in storage or during transmission. However, current security solutions tend to be either robust and expensive requiring a significant degree of technical expertise, or light and superficial providing only a minimum level of data security. Also, many data security solutions require skilled personnel, or training of staff, which can be expensive.
For example, some prior art data security solutions include whole disk encryption of all data on a computing device 100 (e.g. a computer's hard drive) is secured. While there is no risk to forgetting to encrypt a file with whole disk encryption, the question raised is whether it really is necessary to encrypt all files on a hard drive, including files related to the operating system, for example. Furthermore, files leaving the computer via a USB storage drive, e-mail or other network connection are not secured, and it is not possible to share files securely with other users. Using a secure USB drive provides similar limitations, as files may need to be stored on a hardware specific USB drive. As a significant limitation, only files on the drive are secured, and individual files cannot be shared securely without sharing both the device and the password. If the device is lost, both the files and security investment are lost.
Another example of a prior art data security solution includes the use of software encryption for securing data, which can be of high quality. But software encryption often requires the user to be familiar with security algorithms and processes, etc. In addition, if a password is lost, the files normally cannot be recovered. As another significant limitation, a password may need to be shared to share encrypted files with another user. The password is then the weak link of the security system.
Yet other data security solutions incorporate a Public Key Infrastructure (PKI) secure connection. Such prior art solutions may include hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. While potentially very effective, this approach may not be practical for companies that do not have the technical staff and resources to deploy the infrastructure. As well, even if the communication line is secured, the end points may not be secure.
Given all of the above limitations and vulnerabilities of prior art solutions, the present inventor has developed what is believed to be a novel, innovative technology to overcome at least some of these limitations and vulnerabilities.
What is needed is an improved system, apparatus and/or method that addresses some of the limitations of the prior art. In particular there is a need for a